Method for securing safety of electronic information

ABSTRACT

A security assurance technique for electronic information wherein an electronic information file 1 is divided into a plurality of information elements 2 and the divided information elements are selected and combined with their order changed to produce one or more information blocks 3, and division extraction data of the information elements is produced and the information blocks are formed and stored or transmitted, whereafter, when the electronic information is to be utilized, the information elements 4 included in the information blocks 3 are re-divided, re-arranged in the correct order and integrated based on the division extraction data to restore an original electronic information file 5, whereby, even if electronic information stored or being communicated is stolen, the value of the information is reduced to disable utilization of the information.

This application claims priority to PCT/JP99/01350, filed Mar. 18, 1999, which published on Aug. 3, 2000 with Publication No. WO00/45358 in the Japanese language and which claimed priority to Japanese Application No. 11-19399, filed Jan. 28, 1999.

TECHNICAL FIELD

This invention relates to a method for securing safety of electronic information in storage of electronic information or in exchange of electronic information and also to a method of securing the identity with an original of electronic information.

BACKGROUND ART

A large number of computers have been and are being connected to a communication network to form a system such that each of the computers can be connected to many and unspecified persons over a communication path. Therefore, there is the possibility that also electronic information stored in an external storage apparatus of a computer such as a hard disk apparatus may be accessed by a third party having no authority over a communication path and stolen or altered.

Also transmission of electronic information over a communication path such as exchange of personal information by an electronic mail and so forth, distribution of an application program such as a game program or a business program or distribution of data extracted from a database and edited has been and is increasing. Where communication environments open to the outside are used for such electronic information exchange, there is the possibility that a third party who is not a receiving party may acquire electronic information being communicated through an intercepting or stealing action and utilize the electronic information. Particularly where information is distributed for pay or information relating to privacy is transmitted, it is necessary to take a countermeasure so that electronic information being communicated may not be stolen readily.

In order to disable utilization of electronic information by a third party having no relation even if the third party acquires the electronic information, a method is used to assure the secrecy of electronic information through encipherment of the electronic information. Encipherment techniques developed for the object just described include various systems such as encipherment systems which use a symmetrical key and other encipherment systems which use an asymmetrical key.

However, even if such encipherment techniques are used, since stored electronic information or electronic information being transmitted includes all information, if someone acquires a decipherment method through some means such as deciphering of the cipher, then the person can decipher the cipher readily to acquire the useful information. Also alteration or counterfeiting is possible, and attention must always be paid to whether or not information extracted or received keeps true and correct information. Particularly where electronic information for which high security is required such as authentication information of the person itself is stored or transmitted, the conventional methods are not free from anxiety.

If information stored or being communicated is subject to alteration or missing, then most of the information extracted or received cannot be utilized correctly, and use of the incorrect information as it is may give rise to some trouble. Also the fact itself that information is known to a third party sometimes matters. Accordingly, a convenient technique for confirming that received electronic information has the identity with that which has been forwarded and for confirming that electronic information is used legally is demanded.

Therefore, it is an object of the present invention to provide a technique of assuring the security of electronic information by working electronic information to be stored or transmitted so that, even if the electronic information stored or being transmitted is stolen, it cannot be utilized thereby to decrease the value of the information and to provide a method of assuring the genuineness of information which a user has extracted or received to restore.

DISCLOSURE OF THE INVENTION

A security assurance method for electronic information of the present invention is characterized in that an electronic information file is divided into a plurality of information elements, and the divided information elements are selected and combined with their order changed to produce one or more information blocks. The information blocks are produced such that, if all of the information blocks are not integrated, then all of the information elements are not included. Further, division extraction data in which division information of the information elements and formation information of the information blocks are recorded is produced, and part of the information blocks and the division extraction data is transmitted to and stored into a certification station. Meanwhile, the other parts are stored or transmitted separately. Then, when the genuineness of the electronic information is to be confirmed, all of the information blocks and the division extraction data including the part stored in the certification station are collected and the information blocks are re-divided into the original information elements, re-arranged in the correct order and integrated based on the division extraction data to restore the original electronic information file. According to the security assurance method for electronic information of the present invention, part of information is deposited to the certification station and, when the original information is required, the information block in hand and the information block owned by the other party as well as the information block deposited to the certification station are joined to restore the information. Accordingly, even if one of the parties concerned and the certification station alters its information, the fact of the alteration is found clearly, and since the information stored by the certification station is not the entire information but part of the information, the information capacity required for the certification station may be small.

Further, since the function of authenticating the security of information is divided into the three parties, it is an advantage in administration of the certification station that the burden on the certification station is light.

It is to be noted that the division extraction data may be stored or transmitted separately, and the division extraction data relating to the information elements may be produced and annexed for each of the information elements.

According to the security assurance method for electronic information of the present invention, an electronic information file to be stored or sent is divided into a suitable number of information elements of suitable lengths and then shuffled and combined to produce one or more information blocks, and the information blocks are stored into an external storage apparatus or sent to a recipient.

Accordingly, since the electronic information stored or being communicated is in a state wherein it is not useful unless it is restored like paper information broken by a shredder, even if a third party who does not have restoration means accesses the electronic information, the electronic information is not leaked as valuable information, and therefore, it is secure.

Also where only one information block is formed for an electronic information file, since the order of the information elements placed in the information block is different, it is difficult to read or discriminate the information. However, where a plurality of information blocks are formed and stored or sent separately from each other, then even if a third party steals one of the information blocks, the entire contents of the electronic information are not stolen, and consequently, naturally the security is improved further.

Also it is possible to apply a cipher technique to store or send the information blocks to achieve further improvement of the security.

The division extraction data is data necessary for division and combination used when the information blocks are formed, and is stored or sent together with the information blocks. Since the division extraction data includes position information and length information of each information element in the electronic information file, it may be annexed to each information element and handled together with an information block. Further, where the importance is attached to the security, the division extraction data may be handled separately from the information blocks.

A person who extracts or receives the electronic information collects all of the information blocks and uses the division extraction data to separate the information elements included in the individual information blocks and re-couple the information elements in the correct order to restore the original electronic information.

When the electronic information is to be stored into an external storage apparatus of a computer, information blocks and division extraction data may be produced by processing the electronic information file in such a manner as described above and stored into the external apparatus.

Where the security assurance method of the present invention is applied to a storage apparatus, even if the storage apparatus is accessed by a third party, this does not lead to leakage of valuable information, and the security in storage of electronic information by the computer is improved.

It is to be noted that, where electronic information is to be sent, preferably an electronic information file is divided into a plurality of information elements and the divided information elements are selected and combined to produce a plurality of information blocks, and then the information blocks are transmitted in a separate condition from each other to a recipient and division extraction data is transmitted to the recipient along with the separated information blocks, whereafter the recipient side receiving the data re-divides and integrates the information elements included in the information blocks into the correct order based on the division extraction data to restore the original electronic information.

When an electronic information file is to be sent, preferably it has a higher degree of security because a communication path used is sometimes widely open to the public. Also in such an instance, where a plurality of information blocks are sent by different communication means, a considerably high degree of security can be assured.

Since the information blocks in the present invention individually carry mere part of necessary information, even if some information block is acquired during communication, the entire information cannot be restored.

Accordingly, preferably at least one of the information blocks and the division extraction data is transmitted to the recipient by second transmission means different from the transmission means for the other electronic information.

Where all of the information blocks and the division extraction data are not sent using the same transmission means but some of them are transmitted by different transmission means, even if a thief is present midway of a communication path, it cannot collect all information, and this provides a higher degree of security.

If the information blocks are sent at different points of time from each other or sent using different communication routes from each other, then it is very difficult to steal all information blocks without a miss on the way of the communication path, and only part of the information can be acquired to the utmost. Therefore, even when authentication data of the person itself is sent, it can be prevented that a third party steals the authentication data.

It is to be noted that preferably the division extraction data includes data for confirmation of the originality of the electronic information file. The identity between the electronic information file which has been intended to be sent and the electronic information restored by the recipient can be confirmed with a high degree of certainty by verifying the fact that the division extraction data and contents of the received information blocks are consistent.

Further, the identity between the electronic information file which has been intended to be sent and the electronic information restored by the recipient may be confirmed by placing an information element selected from among the information elements, that is, a key element, into information blocks to be sent along different communication routes so that the key element may be included commonly and verifying, when the information elements are to be integrated, the identity between the key elements included in an overlapping relationship in the received information blocks.

It is to be noted that, in order to confirm that the electronic information sent is identical with the electronic information file which has been intended to be sent, also a simple method of checking whether or not the number of words included in the individual files coincide with each other is applicable.

If the security assurance method for electronic information of the present invention is used for on-line sales of an application program or a database, then even if any other person than a legal purchaser steals electronic information being communicated, only part of the information can be acquired, and consequently, the program cannot be executed or useful information cannot be acquired. Accordingly, since there is no motivation of stealing electronic information being communicated, the merit to the selling party is not damaged by theft.

Further, if the security assurance method for electronic information of the present invention is applied to send authentication data of the person itself, then information exchange with a high degree of security can be achieved while theft or forgery by a third party is prevented with certainty.

If further strict assurance is required, preferably the original of electronic information to be sent is stored, and electronic information restored by the recipient side is sent back and verified with the original of the electronic information to confirm the identity.

Furthermore, if the electronic information restored by the recipient is sent back and verified with the stored original of the electronic information to confirm the identity, then even when the electronic information is altered during communication or misses partly, this can be discriminated immediately to take a countermeasure.

It is to be noted that the information blocks acquired by the recipient may be sent back as they are and verified with the original of the electronic information. If inspection is performed for each of the information blocks, then a damaged portion can be specified, and this facilitates a countermeasure.

If a difference from the original is detected, then considering the reliability of the communication path doubtful, the information may be sent again or the communication path may be changed to prevent interference of a person who has altered the information. It is to be noted that also the recipient can utilize the electronic information with confidence when a result of the verification is received from the transmitting person.

The reliability is improved if a transfer station or so called transfer authority which is neutral and impartial is interposed in the transmission means so that information transmission may be performed through the transfer station. The transfer station transfers an information block included in an information package sent thereto to the recipient based on address information.

Where such a route as described above is used to send the information blocks, since the appearances of the divided information blocks are different from each other, it is difficult for a thief midway of the communication path to collect all information blocks necessary to restore the electronic information file, and the security is further improved.

Particularly, even if only a portion including the division extraction data is sent through the transfer station, the reliability of the entire system is improved.

It is to be noted that, if the transfer station applies a cipher technique to transfer the electronic information, then a higher degree of security can be assured.

Further, the transmitted information may not necessarily be used immediately by the recipient. Therefore, the transfer station may keep the information blocks sent by the transmitting party such that the recipient may cause the transfer station to transmit the information blocks when necessary so that it may integrate the collected information blocks to restore and utilize the electronic information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a concept of a security assurance method for electronic information of the present invention;

FIG. 2 is a view illustrating an operation of the present invention;

FIG. 3 is a flow diagram illustrating a first embodiment of the security assurance method for electronic information of the present invention;

FIG. 4 is a block diagram of a system which uses the present embodiment;

FIG. 5 is a flow diagram illustrating a second embodiment of the security assurance method for electronic information of the present invention;

FIG. 6 is a block diagram of a system which uses the present embodiment;

FIG. 7 is a flow diagram illustrating a third embodiment of the security assurance method for electronic information of the present invention;

FIG. 8 is a block diagram of a system which uses the present embodiment;

FIG. 9 is a flow diagram illustrating a fourth embodiment of the security assurance method for electronic information of the present invention;

FIG. 10 is a block diagram illustrating a fifth embodiment of the security assurance method for electronic information of the present invention; and

FIG. 11 is a block diagram illustrating a function of a certification station or certification authority to which the present invention is applied.

BEST MODE FOR CARRYING OUT THE INVENTION

The security assurance method for electronic information of the present invention is a method of making the security of electronic information certain in storage or communication of an electronic information file. According to the method of the present invention, even if someone steals electronic information during storage or during communication, the value of the information which can be acquired by theft is reduced to prevent damage by the theft and the gain of the theft is reduced to prevent a stealing action. Further, if missing of information or alteration to information occurs during communication, then this fact is detected thereby to assure the security.

In the following, details of the present invention are described with reference to the drawings.

FIG. 1 is a block diagram illustrating a concept of the present invention, and FIG. 2 is a view illustrating an operation of the present invention. FIG. 1 illustrates, as an example of form of use of the present invention, a case wherein an electronic information file is divided into six information elements and divided into two information blocks.

In the security assurance method for electronic information of the present invention, an object electronic information file 1 is divided into a suitable number of information elements 2. Here, for simplification, a case wherein the electronic information file 1 is divided into six information elements A, B, C, D, E and F is described as an example. The information elements 2 need not be divided at a position at which they have significance as information, and in order to reduce the possibility of stealing, preferably the information elements 2 are obtained by merely dividing the electronic information file 1 physically.

The order of arrangement of the information elements A, B, C, D, E and F obtained by the division is changed and they are grouped suitably to form a suitable number of information blocks 3.

In the example shown, the information elements A, D and E are distributed in the first information block 3, and the information elements B, C and F are distributed in the second information block 3. It is to be noted that also the order of arrangement of the information elements in each information block 3 can be changed arbitrarily.

Even if such information blocks 3 are read out by a third party, since the information elements A, B, C, . . . are not arranged in a significant arrangement, contents of the electronic information cannot be read if they remain as they are.

Further, since the electronic information is in a divided state, the contents of it cannot be restored if all of the information blocks are not acquired. For example, if authentication data of the person itself illustrated in (a) of FIG. 2 is divided as seen in (b) of FIG. 2, then even if one of the information blocks is acquired and the information is restored successfully, the information cannot be used as authentication data. Therefore, even if someone accesses the electronic information illegally, it is not easy to make it possible to utilize the electronic information, and the security of the information can be assured.

The information blocks 3 are stored into a storage apparatus or sent to a recipient in accordance with an object.

A user of the electronic information divides the information blocks 3 acquired from the storage or received from the transmitting person into original information elements 4 (A, B, C, . . . ) and re-arranges the information elements 4 into a correct order to form a usable electronic information file 5 thereby to restore the original electronic information file 1.

Basic information necessary to restore the electronic information file 1 is division information of the information elements A, B, C, . . . included in the information blocks 3 and information of the position and the length of each information element in the electronic information file 1.

After all of the information blocks 3 relating to the object electronic information file 1 are collected, the information elements in the information blocks 3 can be cut out and re-arranged into a correct order using the information of the top address and the word length of each of the information elements 2.

Further, when the electronic information file 1 is to be restored, information for specifying the object electronic information file 1 or information of the order of arrangement of information elements included in each block when the information elements 2 are re-arranged to form the information blocks 3 may be utilized.

In order to restore the electronic information file 1, it is required first to confirm that the collected information blocks 3 relate to the object electronic information file 1 and that all relating information blocks have been collected without a miss. In this instance, the operation can be performed efficiently if an identification region X1 or X2 is annexed to an information block or an information element and ID information for specifying the electronic information file 1 is stored in and used together with the identification region.

Further, the electronic information file 5 obtained by re-dividing the information elements included in each block using division information and re-arranging them in accordance with the order of arrangement of the divided information elements 4 is the same as the electronic information file 1.

It is to be noted that whether or not the restored electronic information file 5 and the original electronic information file 1 are the same as each other can be verified with a certain degree of certainty, for example, by comparing the total word lengths of the two with each other.

Division extraction data including such basic information is produced when the information blocks 3 are produced and stored or sent with an identification region annexed to part of the information blocks 3 and then utilized to restore the electronic information file 1. The division extraction data may be annexed for each information element.

It is to be noted that the division extraction data may be stored or sent separately from and independently of the information blocks 3.

According to the security assurance method for electronic information of the present invention, the number of the information blocks 3 corresponding to the single electronic information file 1 is not limited to two but may be a plural number equal to or greater than three or may be one. Since, in any case, the arrangement of information elements in each information block 3 is different from the original arrangement, a third party cannot read out and utilize the electronic information. Consequently, the security of the electronic information can be assured.

Embodiment 1

In the first embodiment, the security assurance method for electronic information of the present invention is applied to transmission of an electronic information file securely to the other party using a communication path.

FIG. 3 is a flow diagram illustrating the present embodiment, and FIG. 4 is a block diagram of a system which uses the present embodiment.

First, a basic form of the present embodiment is described with reference to FIGS. 3 and 4.

An originator of electronic information first prepares newly or extracts from a database and edits electronic information to be transmitted to prepare an electronic information file 11 (S1). An example of subject electronic information is electronic information for which high security is required such as authentication data of the person itself or valuable electronic information such as software which is sold over a communication path.

Then, division software 12 is used to divide the electronic information file 11 into a plurality of information elements 13 (S12). To the division software 12, the division position of each of the information elements 13 in the electronic information file 11 and the word length of the information element can be indicated.

It is to be noted that, instead of indicating the division position and the word length of each information element, the division software 12 itself may determine the division position and the word length if the number of divisions is designated. Although the division number can be determined arbitrarily, where electronic information up to approximately 100 kBytes is an object, it may be determined that a number, for example, equal to or smaller than 100 is selected.

Then, extraction software 14 is used to distribute the information elements 13 into a plurality of information blocks 15 (S3). The extraction software 14 has a function of re-arranging the divided information elements 13 into a different order and another function of distributing the information elements 13 into the information blocks 15. An operator can indicate the number of information blocks.

Further, the division information and a result of the re-arrangement of the information elements 13 are converted into division extraction data of the electronic information and individually annexed to the information elements 13. The division extraction data of all of the information elements 13 distributed to the information blocks 15 may be annexed collectively in the identification regions X1 and X2 of the information blocks 15 (S4).

It is to be noted that the identification regions X1 and X2 may include data regarding an originator and a recipient, data regarding electronic information such as its preparing person and its owner, data which describes a range within which the electronic information can be utilized such as an authorized user or a term of validity, data for specifying software to be applied such as integration software and so forth.

Further, if an ID which indicates electronic information is described in an identification region, then since this facilitates assorting of information blocks, this is convenient to collect information blocks relating to object electronic information in order for a recipient to re-integrate the information blocks to restore an electronic information file.

It is to be noted that the division extraction data may be sent to the recipient separately from and independently of the information blocks. Further, instead of annexing the division extraction data discretely to the information blocks, the division extraction data may be annexed collectively to one of the information blocks. Furthermore, the division extraction data regarding the entire electronic information file may be annexed to all of the information blocks.

Then, the information blocks 15 are individually placed into packages to be transmitted to transfer stations 21 (S5). In each of the packages, the address of a person to receive the package finally is placed. The packages are enciphered and sent to the transfer stations 21 (S6). The encipherment processing may be performed applying a suitable known method.

In this instance, different destinations can be selected for the individual packages. Communication means to be used is selected based on the degree of security which depends upon the risk of a communication path and the characteristic of the electronic information. Where leakage or alteration should be minimized, a number of communication means as great as possible are used.

It is to be noted that, when the risk of leakage of information is low, an ordinary communication path in which no transfer station is present may be used. Since the security assurance method of the present invention has a high degree of security because it places electronic information into communication paths in a divided and re-arranged state, even if an ordinary communication path is used, the security assurance method provides a sufficiently high degree of security when compared with conventional methods.

Further, as communication means, for example, a method of using a mail to send a portable storage device such as a floppy disk or a like method may be selected.

Each of the transfer stations 21 receiving a package deciphers the package to read the destination information placed in the package (S7).

Further, the transfer station 21 enciphers the information blocks placed in the package again and sends them to the indicated recipient (S8).

Since the information blocks 15 are distributed in a state wherein contents thereof cannot be discriminated from their appearance to different transfer stations in this manner, even if a third party can acquire the electronic information present in the communication path, it is difficult for the third party to discriminate and collect necessary information, and the third party cannot restore the object electronic information.

The recipient receives and deciphers information blocks 31 sent from the transfer stations (S9) and then searches the information blocks or the identification region portions of the information elements to collect all of the information blocks 31 required to restore the object electronic information (S10).

Further, the recipient extracts the division information used when the information elements 13 are produced and the extraction information used when the information blocks 15 are produced from the division extraction data of the identification region portions (S11).

Then, the recipient re-divides the information blocks 31 based on the division information and the extraction information to cut out the original information elements 13 (S12) and re-arranges the information elements 13 into the original order using integration software 32 (S13).

Finally, the recipient integrates all of the information elements to form an electronic information file 33. In this instance, the recipient compares the total length of the electronic information file 33 formed by the integration with the total length value of the original file included in the division extraction data (S14). If they coincide with each other, then it can be determined that the original electronic information file 11 has been regenerated successfully with a considerably high degree of probability. Further, it is also possible to use information which describes a characteristic of the original or position information in which a suitable bookmark is inserted in order to confirm the identity with the original with a higher degree of accuracy.

Embodiment 2

In the second embodiment, the electronic information security assurance method of the present invention is provided with means for assuring the originality of electronic information with a higher degree of reliability.

FIG. 5 is a flow diagram illustrating the electronic information security assurance method of the second embodiment provided with means for assuring the originality by an originator of electronic information, and FIG. 6 is a block diagram of the same.

In the following, the embodiment of the present invention which is provided with means for confirming the originality by an originator of electronic information is described with reference to FIGS. 5 and 6.

It is to be noted that, since the security assurance method on which the present embodiment is based is the same as that described hereinabove, in the following description, overlapping description is avoided to such a degree that simplification or omission of a portion does not cause misunderstanding.

When the originator prepares an electronic information file 11 to be sent, he produces a copy 17 from the original (S21) and stores the copy 17 (S22). It is to be noted that the original 11 may be stored in place of the copy 17.

Then, the originator uses division extraction software 16 to work the original 11 of the electronic information file based on division information and extraction information given from an operator or produced partly by the computer to form an information block 15 similarly as in the first embodiment described hereinabove (S23). It is to be noted that, where the original 11 is stored, the copy 17 is selected as the subject of the working.

The information blocks 15 are individually sent to transfer stations 21 similarly as in the first embodiment (S24).

The transfer stations 21 transfer the received information blocks 15 to the designated recipient (S25).

The recipient checks the received information blocks 31 to collect all of the information blocks 31 necessary to restore the object electronic information (S26).

Thereafter, the recipient uses integration software 32 to extract information elements in the information blocks 31 based on the extraction information and the division information included in the acquired division extraction data and re-arrange and integrate the information elements to form an electronic information file 33 (S27).

Further, the recipient produces a copy 35 of the formed electronic information file 33 (S28) and sends back the copy 35 to the originator of the electronic information through a transfer station 22 by a similar method to that in the transmission from the originator (S29). Preferably, a plurality of transfer stations are used for the transfer station 22 in this instance similarly as in the case of the transmission. Further, the copy 35 to be sent back is preferably enciphered to raise the security.

The originator compares the received copy 35 of the restored electronic information file and the copy 17 stored therein with each other to confirm the identity between them (S30).

If the two do not coincide with each other, then since the copy 35 cannot be used as the electronic information, a notification of this is issued (S31). If the recipient does not receive a warning notification from the originator, then it can discriminate that the restoration of the information file has been performed normally (S32).

It is to be noted that, if the two files do not coincide with each other, then since this represents that some trouble has occurred during the communication, a cause must be found out and excluded so that later communication may be performed securely. If the cause cannot be excluded, then preferably the communication means is changed.

Where the originator confirms that restoration of electronic information by the recipient has been performed correctly in this manner, electronic information exchange of very high reliability is realized.

Embodiment 3

The third embodiment is an originality assurance method for electronic information wherein the security assurance method for electronic information of the present invention is provided with means for confirming the originality of each information block to detect abnormality of individual communication paths to further facilitate a countermeasure.

FIG. 7 is a flow diagram illustrating the present embodiment, and FIG. 8 is a block diagram of a system which uses the present embodiment. In the following, the present embodiment is described in detail with reference to FIGS. 7 and 8.

It is to be noted that, also in the present embodiment, overlapping description is avoided by simplifying or omitting the same portion as that described already.

Similarly as in the first embodiment, an originator prepares an electronic information file 11 to be transmitted (S41), and cuts out and shuffles information elements based on division information and extraction information to form information blocks 15 (S42).

Then, the originator produces a copy from the information blocks 15 and stores the copy (S43).

Then, the originator sends packages in which the information blocks 15 are placed to transfer stations 21 by the same method as in the first embodiment (S44). The transfer stations 21 decipher the packages to read the address of a recipient and transfer the information blocks 15 to the designated recipient again (S45).

The recipient produces a copy of the received information blocks 31 (S46) and sends back the copy to the originator through a transfer station 23 (S47).

The originator verifies the copy of the information blocks 31 sent back thereto and the copy of the original information blocks 15 stored therein with each other to confirm whether or not they coincide with each other (S48).

If the two coincide with each other, then since the information blocks 31 have not been subject to alteration during the communication, they can be used as they are to restore the electronic information.

On the other hand, when the two do not coincide with each other, this represents that a communication path which has been used for transmission of an information block is abnormal. While detection of abnormality is possible in the second embodiment described above, since abnormality is detected in an integrated form of all communication paths, it is difficult to specify a communication route which is abnormal. However, where the method of the present embodiment is used, the abnormal route can be specified simply as described above. Accordingly, also it is easy to take a countermeasure such as removal of the trouble.

A notification of a result of the verification performed by the originator is sent to the recipient (S49).

If the result of the verification proves that the two copies coincide with each other, then the recipient uses integration software 32 to perform restoration of the electronic information file in accordance with a procedure same as that in the first embodiment (S50). Integrated data 33 formed from the information blocks 31 become a file 34 having the same contents as those of the original electronic information file 11.

It is to be noted that, as described hereinabove in connection with the first embodiment, exchange of electronic information may be performed using a communication path in which such transfer stations 21 or 23 as described above are not present.

Further, the transfer stations may store the information blocks transmitted from the transmitting person and then transmit the information blocks in accordance with a request of the recipient. The recipient collects all information blocks and integrates, restores and uses them.

Embodiment 4

According to the fourth embodiment, the security assurance method for electronic information of the present invention is applied to storage of an electronic information file into an external storage apparatus of a computer system.

FIG. 9 is a block diagram of a computer system which uses the security assurance method for electronic information of the present embodiment.

In the following, the present embodiment is described with reference to the drawing.

It is to be noted that, since operations and effects of the components of the present embodiment are largely common to those of the embodiments described hereinabove, like components having like functions to those in the embodiments described above are denoted by like reference numerals and the description of them is simplified to prevent overlapping description.

An electronic information file 41 prepared by a computer system is divided into information elements and re-arranged by division extraction software 42 so that it is distributed into a plurality of information blocks 43 and then stored into a storage apparatus 50.

When the electronic information file 41 is to be extracted from the storage apparatus 50, information blocks 61 which carry the subject electronic information are all collected and integration software 62 is executed. The integration software 62 extracts division information and extraction information from the information blocks 61, cuts out the information elements in the information blocks 61 based on the information, re-arranges the information elements into the original order and integrates them to produce an electronic information file 63.

Where the electronic information security assurance method of the present embodiment is used, since an electronic information file stored in the storage apparatus 50 is divided in a plurality of information blocks, it is difficult to collect all relating information blocks so that object electronic information may be restored. Further, since information elements in the information blocks are scattered like paper information broken by a shredder, also it is not easy to regenerate part of electronic information.

Leakage of information through accessing from the outside can be prevented in this manner.

It is to be noted that electronic information may be enciphered when it is to be recorded into the storage apparatus 50.

Further, the storage apparatus 50 need not be a single storage apparatus, and electronic information may be stored into storage apparatus separate from each other for individual information blocks.

The electronic information security assurance method of the present embodiment can be applied when an authentication station for which the security is required particularly stores authentication data of the person itself into an external storage apparatus such as a hard disk apparatus or a magnetic tape apparatus.

Embodiment 5

In the fifth embodiment, the security assurance method for electronic information of the present invention is provided with means for making use of part of electronic information to secure the originality of the electronic information. FIG. 10 is a block diagram illustrating originality assurance means used in the present embodiment. Since the security assurance method for electronic information on which the present embodiment is based is the same as that described hereinabove, in the following description, overlapping description of the portion is simplified or omitted to prevent overlapping explanation.

FIG. 10 illustrates a case wherein, as an example of form of use of the present invention, an electronic information file is divided into seven information elements and divided into two information blocks.

The order of arrangement of the divided information elements A, B, C, D, E, F and G is changed, and they are grouped suitably so that they are distributed into two information blocks. In this instance, some of the information elements are included commonly as key elements into both of the information blocks. Further, identification regions X1 and X2 in which division information of the information elements, information of the position and the length of each information element in the electronic information file, ID information of the electronic file and so forth are recorded are annexed to the information blocks so that they can be utilized for restoration.

In the example illustrated in FIG. 10, the information elements A, B, C, E and F are distributed in the left information block while the information elements B, D, E and G are distributed in the right information block, and the information elements B and E are included as key elements in both of the information blocks. Since the information elements in each information block are changed in order suitably and are not arranged significantly, even if the information block is read by a third person, contents of the electronic information cannot be read as they are. The information blocks are stored into a storage apparatus or sent to a recipient in accordance with an object.

A user of the electronic information divides the acquired information blocks into the original information elements (A, B, C, . . . ) based on the information recorded in the identification regions X1 and X2, and re-arranges the information elements into a correct order to restore the original electronic information file.

Upon restoration, the information elements B and E which are included in an overlapping relationship in the two information blocks and serve as key elements are detected and verified individually with each other. Thus, if any of the information blocks has been subject to some alteration upon storage or transmission of the information, then since the contents of the overlapping information elements do not coincide with each other, the abnormality can be detected simply.

According to the abnormality detection method used in the present embodiment, since a key element which is a subject of verification cannot be extracted even if an information block is observed by itself, an attack of a third party can be prevented readily. Further, no special additional information is required, and information processing for confirmation of the security is simple.

It is to be noted that naturally the abnormality detection method of the present embodiment may be used together with any other method to improve the security.
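The FIG. 10 arrangement with its key-element verification, together with the re-division, re-ordering and total-length comparison of steps S12 to S14 of the first embodiment, is worked through below as an added Python example that is not code from this document. The dictionary layout of the identification region, the function names, the `demo-file` ID and the sample bytes are assumptions constructed for illustration.

```python
import random

class IntegrityError(Exception):
    """Restoration found blocks that are missing, foreign or inconsistent."""

def divide(data, count):
    """Cut data into `count` information elements: {index: (offset, bytes)}."""
    base, extra = divmod(len(data), count)
    elements, offset = {}, 0
    for i in range(count):
        n = base + (1 if i < extra else 0)
        elements[i] = (offset, data[offset:offset + n])
        offset += n
    return elements

def build_block(elements, members, file_id, total_len, rng):
    """Form one information block: shuffled payload plus identification region."""
    order = list(members)
    rng.shuffle(order)
    # Assumed region layout: (element index, offset in original, length), in payload order.
    entries = [(i, elements[i][0], len(elements[i][1])) for i in order]
    payload = b"".join(elements[i][1] for i in order)
    ident = {"file_id": file_id, "total_len": total_len, "entries": entries}
    return {"ident": ident, "payload": payload}

def redivide(block):
    """Cut a block's payload back into elements using its identification region."""
    out, pos = {}, 0
    for idx, offset, length in block["ident"]["entries"]:
        out[idx] = (offset, block["payload"][pos:pos + length])
        pos += length
    return out

def restore(blocks):
    """Re-divide, verify shared key elements, re-order, integrate, check length."""
    ident0 = blocks[0]["ident"]
    seen = {}  # element index -> (offset, bytes, number of the supplying block)
    for n, block in enumerate(blocks):
        if block["ident"]["file_id"] != ident0["file_id"]:
            raise IntegrityError(f"block {n} belongs to a different file")
        for idx, (offset, chunk) in redivide(block).items():
            if idx in seen and seen[idx][1] != chunk:
                raise IntegrityError(
                    f"key element {idx} differs between blocks {seen[idx][2]} and {n}")
            seen.setdefault(idx, (offset, chunk, n))
    ordered = sorted(seen.values(), key=lambda e: e[0])
    restored = b"".join(chunk for _, chunk, _ in ordered)
    if len(restored) != ident0["total_len"]:
        raise IntegrityError("restored length differs from recorded total length")
    return restored

def tamper(block, idx):
    """Copy of `block` with the first byte of element `idx` altered (simulation)."""
    pos = 0
    for i, _, length in block["ident"]["entries"]:
        if i == idx:
            payload = bytearray(block["payload"])
            payload[pos] ^= 0xFF
            return {"ident": block["ident"], "payload": bytes(payload)}
        pos += length
    raise KeyError(idx)

def detects(blocks):
    """True if restore() rejects the given set of blocks."""
    try:
        restore(blocks)
    except IntegrityError:
        return True
    return False

# Constructed sample input; elements A..G map to indices 0..6 as in FIG. 10.
SAMPLE = b"PAY 1000 JPY TO ACCOUNT 0012345 BY 1999-03-18"

def make_blocks(data=SAMPLE, seed=7):
    rng = random.Random(seed)
    elements = divide(data, 7)
    left = build_block(elements, [0, 1, 2, 4, 5], "demo-file", len(data), rng)  # A B C E F
    right = build_block(elements, [1, 3, 4, 6], "demo-file", len(data), rng)    # B D E G
    return [left, right]

if __name__ == "__main__":
    left, right = make_blocks()
    print(restore([left, right]), detects([tamper(left, 1), right]), detects([left]))
```

An alteration confined to a non-shared element of unchanged length (element C in the left block, for instance) passes both the overlap check and the length check, which is the case for combining this check with another verification method.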

Embodiment 6

The sixth embodiment relates to a certification station or a certification authority which applies the security assurance method for electronic information of the present invention to divide and store information into several places and accurately perform various verifications of transaction contents and so forth between the parties concerned.

FIG. 11 is a block diagram illustrating a function of a certification station or authority to which the present invention is applied. Since the security assurance method on which the present embodiment is based is the same as that described hereinabove, in the following description, a portion describing the certification authority is described in detail while overlapping description of the other portion is avoided.

A first party I and a second party II convert mutually consented transaction contents into electronic information and store the electronic information. However, since an electronic document leaves no marks even if it is rewritten, the originality of it cannot be secured. Accordingly, in order to minimize the possibility of the future dispute, it is demanded to utilize a certification authority CA, which is a third party organization in which confidence can be placed, to deposit contents of a transaction and, when necessary, to receive a presentation of and confirm the original.

However, where an original is recorded in its full text, a very great storage capacity is required for the certification authority CA. Further, even the certification authority CA may possibly suffer from alteration, and if it is tried to completely secure the genuineness of electronic information, then considerable difficulty is involved in management and administration of the certification authority CA.

The present embodiment is configured by applying the electronic information security assurance method of the present invention and is an authentication system wherein the burden on the certification authority CA is low and the originality of electronic information can be secured with a high degree of certainty.

The parties I and II concerned divide contents of the mutual agreement into information blocks A, B and C based on the method of the embodiments described hereinabove. The first party I concerned stores the first information block A while the second party II concerned stores the second information block C. Further, the third information block B is deposited to the certification authority CA.

In such an authentication system described above, if any of the organizations alters its record, the original cannot be restored. Accordingly, the actually restored electronic information conveys the contents of the original correctly. Therefore, the certification authority CA can secure the originality of the restored electronic information only by recording a very small part of the original. Since the storage capacity to be possessed by the certification authority CA is reduced and the full text of contents of the agreement need not be stored, also the storage responsibility of the certification authority CA is moderated.

INDUSTRIAL APPLICABILITY OF THE INVENTION

As described in detail above, since the security assurance method for electronic information of the present invention divides an electronic information file once into information elements, re-arranges and places the information elements separately into information blocks and then places the information blocks into communication paths or stores the information blocks into a storage apparatus, even if a third party steals an information block being communicated or stored, because small information elements are placed in a scattered form in the information block and contents of the electronic information cannot be read or discriminated, leakage of the secret can be prevented. Further, when the electronic information is to be restored, the originality of the electronic information can be confirmed readily. It is to be added that, where a communication result received over a communication path by a recipient or a restored electronic information file is sent back to its originator and verified with a stored copy, the originality can be secured with a very high degree of reliability.

1. A security assurance method for electronic information, comprising: an electronic information file that is divided into a plurality of information elements, wherein the divided information elements are selected and combined with their order changed to produce two or more information blocks that each contain two or more of the information elements, wherein when all of the information blocks are not integrated, then all of the information elements are not included; division extraction data is produced in which division information of said information elements and formation information of the information blocks are recorded; said information blocks and the division extraction data are separated so that all of the information may not gather at a time; at least one of said information blocks and the division extraction data that were separated is transmitted to and stored into a certification station while the others are stored or transmitted separately; and when the genuineness of said electronic information is to be confirmed, all of the information blocks and the division extraction data including that stored in the certification station are collected and said information blocks are re-divided into the original information elements, re-arranged in the correct order and integrated based on said division extraction data to restore the original electronic information file.
2. The security assurance method for electronic information according to claim 1, wherein said division extraction data is stored or transmitted separately by different means from that with which said information blocks are stored or transmitted.
3. The security assurance method for electronic information according to claim 1, wherein said division extraction data relating to said information elements is annexed for each of said information elements.
4. The security assurance method for electronic information according to claim 1, wherein said information blocks and the division extraction data are stored into an external storage apparatus, and said external storage apparatus is disconnected from the system to keep the electronic information in security therein.
5. The security assurance method for electronic information according to claim 1, wherein a plurality of said information blocks are formed, and said blocks are transmitted in a separate state from each other to a recipient together with said division extraction data.
6. The security assurance method for electronic information according to claim 5, wherein said division extraction data includes data for confirmation of the originality of said electronic information file.
7. The security assurance method for electronic information according to claim 1, wherein one or more index information elements selected from among said information elements is included commonly into a plurality of information blocks, and when the information elements are integrated, the identity of the index information elements included commonly in an overlapping relationship in the different information blocks is verified to confirm the security of the information.
8. The security assurance method for electronic information according to claim 5, wherein at least one of said information blocks and said division extraction data is transmitted to the recipient by second transmission means different from the transmission means for the other electronic information.
9. The security assurance method for electronic information according to claim 8, wherein a transfer station is interposed in said transmission means or said second transmission means, and a block of the information to be sent by said transmission means is accommodated into an information package together with destination information and sent to said transfer station, which in turn transfers the information block to said recipient based on said destination information.
10. The security assurance method for electronic information according to claim 9, wherein said recipient transmits the information block back to a sender for data verification of said transmission means or said second transmission means.
11. The security assurance method for electronic information according to claim 7, comprising: determining an abnormality in a corresponding information block when an alteration of a first index information element is detected during verification of the first index information element between two different information blocks.
12. The security assurance method for electronic information according to claim 1, wherein said transmission changes an order of the information blocks, and wherein said information blocks and the division extraction data is enciphered before said transmission or storage.
13. A security assurance method for electronic information, comprising: converting mutually consented transaction contents of a first party and a second party into an electronic information file that is divided into a plurality of information elements, wherein the divided information elements are selected and combined with their order changed to produce three or more information blocks each with a plurality of the information elements, wherein when all of the information blocks are not integrated, then all of the information elements are not included; division extraction data is produced in which division information of said information elements and formation information of the information blocks are recorded; said information blocks and the division extraction data are separated so that all of the information may not gather at a time; at least one of said three information blocks that were separated is enciphered and transmitted to and stored into a third party certification station, the first party and the second party, respectively; and when the genuineness of said electronic information is to be confirmed, all of the information blocks and the division extraction data including that stored in the certification station are collected and said information blocks are re-divided into the original information elements, re-arranged in the correct order and integrated based on said division extraction data to restore the original electronic information file.
14. The security assurance method for electronic information according to claim 13, wherein remaining information blocks and remaining division extraction data are stored by the first party and the second party.